CVE-2015-8947 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Harfbuzz
CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer16 documents7 sources
Severity
7.6HIGHNVD
EPSS
0.5%
top 34.76%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJul 19
Latest updateMay 17
Description
hb-ot-layout-gpos-table.hh in HarfBuzz before 1.0.5 allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted data, a different vulnerability than CVE-2016-2052.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:HExploitability: 2.8 | Impact: 4.7
Affected Packages5 packages
🔴Vulnerability Details
5📋Vendor Advisories
5💬Community
4Bugzilla▶
CVE-2015-8947 CVE-2016-2052 harfbuzz: chromium-browser: Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6 [epel-7]↗2016-07-21
Bugzilla▶
CVE-2015-8947 CVE-2016-2052 mingw-harfbuzz: chromium-browser: Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6 [fedora-all]↗2016-07-21
Bugzilla▶
CVE-2015-8947 CVE-2016-2052 harfbuzz: chromium-browser: Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6 [fedora-all]↗2016-07-21
Bugzilla▶
CVE-2016-2052 CVE-2015-8947 chromium-browser: Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6↗2016-01-25